Beyond Access Control: Why Deep Observability is Zero Trust’s New Frontier
- $68 billion: Global Zero Trust security market forecast by 2035
- $4.9 million: Average cost of a data breach
- 40%: Security leaders who believe they can monitor lateral traffic
Experts agree that while Zero Trust frameworks excel at access control, integrating deep observability is now essential to address critical post-authentication visibility gaps and enhance threat detection.
SANTA CLARA, Calif. – June 15, 2026 – As enterprises race to replace legacy security models with Zero Trust frameworks, a critical question has emerged: what happens after a user is granted access? A new partnership between deep observability leader Gigamon and Zero Trust pioneer Zscaler aims to answer that question, signaling a pivotal evolution in enterprise security strategy.
The companies have announced an integration between Zscaler Private Access™ (ZPA™) and Gigamon Application Metadata Intelligence (AMI), a move designed to illuminate the activity that occurs within the secure tunnels of Zero Trust environments. By combining Zscaler’s identity-based access controls with Gigamon’s granular network-level visibility, the partnership tackles one of the most persistent challenges in modern cybersecurity: the post-authentication blind spot.
This collaboration isn't just another product integration; it represents a fundamental shift in how businesses must approach security. It suggests that simply controlling who can access a resource is no longer sufficient. In the era of hybrid clouds and sophisticated threats, the ability to see, understand, and validate every action is becoming the new, non-negotiable standard.
The Zero Trust Mandate and Its Hidden Flaw
Zero Trust, the principle of “never trust, always verify,” has rightly become the dominant security paradigm for the modern enterprise. Driven by the dissolution of traditional network perimeters and government mandates like the U.S. Executive Order 14028, adoption is surging. The global Zero Trust security market is forecast to swell to nearly $68 billion by 2035, as organizations abandon outdated VPNs for more secure, identity-centric solutions.
This shift is a direct response to a harsh reality: the attack surface has exploded, and the cost of a data breach, now averaging nearly $4.9 million, continues to climb. Zero Trust promises to mitigate this by granting access on a least-privilege basis, connecting users only to the specific applications they need.
However, this model contains a hidden flaw. While excellent at policing the front door, traditional Zero Trust Network Access (ZTNA) can offer limited insight into what happens once a user is inside. If an attacker compromises a legitimate user’s credentials, they can potentially move laterally across the network—from one application to another—under the cloak of a trusted identity. This is the Achilles' heel that keeps CISOs awake at night.
Industry data confirms this visibility gap is a widespread concern. A recent Gigamon survey revealed that while three-quarters of security leaders understand the importance of monitoring this East-West (lateral) traffic, only 40% believe they have the capability to do so. The press release highlights a similar finding from the 2026 Hybrid Cloud Security Survey, where 45 percent of IT leaders identified visibility as their top security challenge. This gap between principle and practice is precisely what the Gigamon-Zscaler integration aims to close.
Bridging the Gap: How the Integration Works
The joint solution elegantly marries two distinct but complementary capabilities. Zscaler Private Access acts as the identity-aware gatekeeper, determining the “who” and “where” of access. It verifies user identity and device posture before brokering a secure, direct connection to a private application, without ever placing the user on the corporate network.
This is where Gigamon’s Deep Observability Pipeline takes the baton. Once ZPA grants access, Gigamon Application Metadata Intelligence (AMI) begins observing the traffic flowing between the user and the application. It captures and enriches nearly 6,000 metadata attributes—from DNS queries and SSL certificate details to application behavior indicators—to paint a detailed picture of the “how” and “what” of the user's activity.
“Zero Trust access determines who can connect to an application. Deep observability helps organizations understand what happens after access is granted,” explained Srinivas Chakravarty, vice president of cloud ecosystem at Gigamon. “By combining Zscaler Private Access with Gigamon AMI, customers can detect lateral movement faster, validate policy, and give security teams the application-level context needed to accelerate investigations.”
The synergy provides a continuous feedback loop. ZPA provides the identity context, and Gigamon provides the activity context. This combined telemetry stream can be fed into a Security Information and Event Management (SIEM) or other analytics tools, allowing security teams to correlate a specific user’s access with their precise application-level behavior.
“Organizations are adopting Zero Trust architectures to securely connect users to private applications from anywhere, without exposing the apps to the internet,” said Satish Madiraju, vice president of product management at Zscaler. “By integrating ZPA with Gigamon AMI, customers can gain deeper visibility into application activity and user behavior after access is granted, helping security teams strengthen Zero Trust operations, accelerate investigations, and detect lateral movement faster.”
From Theory to Practice: Real-World Implications
For enterprises grappling with the complexities of hybrid cloud security, the practical benefits of this integration are substantial. It moves Zero Trust from a theoretical policy framework to a tangible, observable, and enforceable reality.
Key advantages for organizations, which are currently being explored by early adopters in a limited access program, include:
- Validation of Zero Trust Policy Enforcement: Security teams can finally verify that least-privilege policies are not only in place but are also effective. By observing East-West communication between workloads, they can spot unauthorized application cross-talk or policy deviations that could indicate a misconfiguration or a threat.
- Richer Context for Security Investigations: When an alert fires, security operations teams no longer have to piece together disparate logs. The integrated data stream connects a user's identity directly to their network and application actions, dramatically reducing the mean time to detect and respond to incidents.
- Improved Threat Detection: The solution is purpose-built to detect sophisticated threats that abuse legitimate credentials. By baselining normal application behavior, the system can flag anomalies—such as an HR application attempting to communicate with a source code repository—that signal lateral movement or an insider threat.
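The correlation and baselining described above, as an added example that is not code from Gigamon, Zscaler, or the article: identity sessions are joined to flow metadata by source IP and time, and app-to-app flows are checked against a baseline of known pairs. All field names, application names and sample records are constructed assumptions, not ZPA or AMI schemas.

```python
from datetime import datetime

# Constructed sample data; field names are hypothetical, not ZPA or AMI schemas.
SESSIONS = [  # identity context: who was granted which application, and when
    {"user": "alice", "src_ip": "10.0.5.21", "app": "hr-portal",
     "start": "2026-06-15T09:00:00", "end": "2026-06-15T10:00:00"},
    {"user": "bob", "src_ip": "10.0.5.34", "app": "git-server",
     "start": "2026-06-15T09:10:00", "end": "2026-06-15T11:00:00"},
]
FLOWS = [  # activity context: flow metadata observed on the network
    {"ts": "2026-06-15T09:05:12", "src_ip": "10.0.5.21", "src_app": None, "dst_app": "hr-portal"},
    {"ts": "2026-06-15T09:20:40", "src_ip": "10.0.5.34", "src_app": None, "dst_app": "git-server"},
    {"ts": "2026-06-15T09:31:03", "src_ip": "10.0.5.21", "src_app": None, "dst_app": "git-server"},
    {"ts": "2026-06-15T09:32:47", "src_ip": "10.0.9.10", "src_app": "hr-portal", "dst_app": "git-server"},
    {"ts": "2026-06-15T09:40:00", "src_ip": "10.0.9.10", "src_app": "hr-portal", "dst_app": "hr-db"},
    {"ts": "2026-06-15T12:00:00", "src_ip": "10.0.5.34", "src_app": None, "dst_app": "git-server"},
]
BASELINE = {("hr-portal", "hr-db")}  # app-to-app pairs seen during normal operation


def _t(value):
    return datetime.fromisoformat(value)


def active_sessions(sessions, src_ip, ts):
    """Sessions from this source IP that were open at time ts."""
    return [s for s in sessions
            if s["src_ip"] == src_ip and _t(s["start"]) <= ts <= _t(s["end"])]


def correlate(sessions, flows, baseline):
    """Return (kind, subject, dst_app, ts) for every flow that needs review."""
    findings = []
    for f in flows:
        if f["src_app"]:  # East-West traffic between workloads
            if (f["src_app"], f["dst_app"]) not in baseline:
                findings.append(("unbaselined_cross_talk", f["src_app"], f["dst_app"], f["ts"]))
            continue
        live = active_sessions(sessions, f["src_ip"], _t(f["ts"]))
        if not live:  # traffic with no granting session behind it
            findings.append(("no_active_session", f["src_ip"], f["dst_app"], f["ts"]))
        elif f["dst_app"] not in {s["app"] for s in live}:  # user reached an app they were not granted
            findings.append(("outside_granted_app", live[0]["user"], f["dst_app"], f["ts"]))
    return findings


if __name__ == "__main__":
    for finding in correlate(SESSIONS, FLOWS, BASELINE):
        print(finding)
```

Joining on source IP alone is a simplification; in a real deployment the join key depends on what identity fields the access logs and the flow metadata actually share.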
This capability is especially crucial for large, complex organizations in highly regulated sectors like finance and healthcare, which are the primary targets for this solution. For them, proving compliance and securing sensitive data across sprawling hybrid environments is not just a technical challenge but a core business imperative.
A New Cornerstone for Enterprise Security
The Gigamon-Zscaler alliance is more than a partnership; it’s a bellwether for the future of cybersecurity. It highlights an industry-wide recognition that access control and observability are two sides of the same security coin. While some platform vendors like Palo Alto Networks and Cisco aim to provide an all-in-one solution, this best-of-breed integration champions a different model: combining the market leader in Zero Trust access with the market leader in deep observability.
This strategic move strengthens both companies. It allows Zscaler to offer a more robust Zero Trust platform that addresses the critical post-authentication visibility gap, differentiating it in a crowded market. For Gigamon, it cements its position as the essential observability fabric for the modern security stack, proving that network-derived telemetry is indispensable for securing complex environments.
Ultimately, this evolution empowers enterprises to implement Zero Trust with greater confidence. By making the entire user-to-application journey visible and verifiable, the integration transforms Zero Trust from a set of access rules into a living, breathing, and observable security posture that is far more resilient to advanced threats.